---

Title

Prince Sultan University Institutional Risk Management Policy

PSU Policy Code: GV0004

Original adoption: 15/08/2020

Reporting

All risks raised will be recorded on the PSU Risk Register (as per the guidelines). Reporting of risks will be carried out every two years.

The process is illustrated in the diagram below:

Crisis Management Framework

Crisis could be defined as “a sudden event or series of events that significantly threaten the operations of Prince Sultan University.” The University will proactively identify and manage “crises” that may threaten the PSU community. The Crisis Management & Response Management Team (CMRMT) will determine the classification of crisis incidents. In compliance with PSU policies/guidelines and the Saudi ministries, the team will communicate with PSU communities and take appropriate actions to overcome the crisis that has the potential threat on operations and activities of PSU.

Following an emergency or crisis, the CMRMT of university will assess the action plans and impacts and embed ongoing risk management and crisis management policies. The University may update other related policies and provide regular, tailored training for managing the crisis and evaluating the response afterwards.

Risk Register (Guidelines reference)

Prince Sultan University Risk Register example is shown in Appendix for GV0004 in the guidelines.

• Each College-Department / Unit / Centre will be denoted by their abbreviations (e.g., CBA-ACC for College of Business Administration – Accounting). For Units / Centres: TLC for Teaching and Learning Center;
• Each Risk statement has a unique number (e.g., CBA-ACC-AR-001), which is called Risk ID
• Each Risk statement is categorized as Academic/Financial/Other risk: AR = Academic Risk statement; FR = Financial Risk; OR = Other Risk;
• A unit manager is responsible for identifying and managing each risk statement;
• Each Risk statement should have a cause and impact description;
• Each Risk statement should have a score: 1 – Low; or 2 – Medium; or 3 – High;
• Based on the overall risk score, unit manager should provide a risk response action plan;
• After the action plan, the unit manger also determines the risk control score (1 [Low response]; or 2 [Medium response]; or 3 [High response]);
• Residual risk score will provide the significance of the action plan. How overall risk can be reduced after necessary actions? and
• Finally, a unit manager provides the evaluation of each risk statement every two years.

In addition to Prince Sultan University (PSU) Risk Register, the Risk Management Committee and unit managers can identify any risks, including ones specific to circumstances.

As part of the crisis management, due Coronavirus disease (COVID-19) in March 2020, all programs were instructed to do online teaching and assessment.

Approved

PSU University Council

APPENDICES: PLEASE FIND THE GUIDELINES FOR PSU’S RISK MANAGEMENT POLICY (GV0004)

Appendix for GV0004

Guidelines for Prince Sultan University (PSU) Risk Management Policy

The guidelines include three sub-sections:

• GV0004.1 Risk Management Committee, and its Roles & Responsibilities
• GV0004.2 Formation of Crisis Management & Response Management Team (CMRMT)
• GV0004.3 Risk Assessment Methodology and Matrix
• GV0004.4 Prince Sultan University Risk Register (Example)

GV0004.1 Risk Management Committee, and its Roles & Responsibilities

The responsibility of the risk management committee includes: define PSU’s approach to risk management by involving unit managers; discuss and approve issues that significantly affect the risk profile or exposure; continuously monitor risks and ensure actions are being implemented; and review risks every two years.

Memberships of the risk management committee for AY 2022-23 are as follows:

1. Prof. Saad Alruwaita, Vice President for Administrative and Financial Affairs — Chair
2. Prof. Mohammed Nurunnabi, Advisor to the President on Ranking and Internationalization; Director of Sustainability and Climate Center; Chair, Department of Accounting — Co-Chair
3. Dr. Heba Khashim, Vice-President, Campus for Women — Member
4. Dr. Nasser Al-Saadoun, Assistant Vice President for Administrative and Financial Affairs — Member
5. Dr. Saad AlMousa, Dean, College of Business Administration — Member
6. Mr. Abdulaziz AlObaid, Director, Human Resources Office — Member
7. Mr. Muneer Shaik, Chief Administrative Officer, VP for Administrative and Financial Affairs — Coordinator

GV0004.2 Formation of Crisis Management & Response Management Team (CMRMT)

The CMRMT will be chaired by the PSU President and consists of:

• President, Prince Sultan University (PSU), (Chair of CMRMT)
• Vice President for Administrative and Financial Affairs
• Vice President for Academic Affairs
• Vice-President, Campus for Women/Vice Dean, DAR
• Dean, Deanship of Quality Assurance and Development
• Dean, College of Business Administration (CBA)
• Dean, College of Computer and Information Sciences (CCIS)
• Dean, College of Engineering (CE)
• Dean of the College of Law (CL)
• Dean, College of Humanities (CH)
• Dean, Deanship of Educational Services (DES)
• Vice Dean, College of Business Administration (CBA)
• Vice Dean, College of Law (CL)
• Vice Dean, College of Humanities (CH)
• Chair/Co-Chair, Institutional Risk Management Committee
• Other Related centers/units at PSU depending on the crisis response (Nominee by the President)

GV0004.3 Risk Assessment Methodology and Matrix

Each risk will be assessed based on two components: likelihood and impact of risk occurrence. Each component will be evaluated based on a 3-point scale.

Likelihood: How likely is the risk going to happen?

• Low – Likelihood of occurrence (<20% chance of occurrence)
• Medium – Likelihood of occurrence (20% - 60% chance of occurrence)
• High –Likelihood of occurrence (>60% chance of occurrence)

Impact: What would the impact be if the risk occurs?

• Low – Unlikely to have a significant effect
• Medium– Potential impact but may be managed through existing processes
• High– Significant impact on performance

Risk Level Determination (Overall Risk Score)

3x3 matrix below can be used to calculate the overall risk score:

LIKELIHOOD / PROBABILITY

Overall Risk Score (in color) and Risk Level

Risk Control Score based upon Action Plan

Risk Control Score is based upon appropriate action of individual risk for mitigating risks. Each control score ranged between 1 to 3:

• High: 3, significant control measures are fully in place
• Medium: 2, i.e. some controls in place but further actions to be planned
• Low: 1, i.e. no action is in place

Risk Control Score Calculation and Risk Level in Color

This is the scale of the risk after taking necessary actions.

GV0004.4 Prince Sultan University Risk Register (Example)